US city hit by ransomware attack, internet shut

The tool that has paralysed the city is a National Security Agency creation called “EternalBlue”, which has been used in other high-profile cyber attacks including “Wannacry” in May 2017, The Verge reported on Saturday.

WT24 Desk

A ransomware attack has crippled the US city of Baltimore that has brought all of its email and online payment gateways to a standstill. The hackers are demanding $76,280 in exchange for freeing all the city’s systems, IANS reports.

The tool that has paralysed the city is a National Security Agency creation called “EternalBlue”, which has been used in other high-profile cyber attacks including “Wannacry” in May 2017, The Verge reported on Saturday.

Security experts suggest that hackers used “EternalBlue” to exploit a vulnerability in some versions of Windows XP and Vista systems, allowing an external party to execute remote commands on their target.

According to The Baltimore Sun, a ransom note left on a Baltimore city computer identified the ransomware as RobbinHood and demanded a payment of three Bitcoins (equivalent to $17,600 at current prices) per system, or 13 Bitcoins (worth $76,280) to re-store the entire city’s systems.

“We won’t talk more, all we know is money! Hurry up!” the note read.

In April 2017, the tool was leaked by hacking group The ShadowBrokers and within a day Microsoft had released a patch to fix the exploit.

However, just patching a system does not mean total closure of vulnerabilities.

Since May 7, Baltimore residents have been dealing with the cyber attack. All of their systems are shut, hindering bill payments and day-to-day expenditures.

The city officials have said that they would not pay the ransom demand. The IT department is trying to overcome the situation.

The city has begun to implement some workarounds, manually processing real estate transactions and setting up a Gmail system for city workers which Google initially shut down but has since restored, the report added.